
Penetration Testing mailing list archives
Re: Encryption - Kerberos
From: Radmilo Racic <rracic () gmail com>
Date: Mon, 26 Oct 2009 09:46:29 -0700
Encryption only provides a confidentiality so even a human would not know if the text has been properly decrypted without an integrity check. In other words, a human or a service can check a hash/MAC/digital signature to ensure that the integrity of the text. Kerberos does indeed offer integrity service (optionally) through a one-way hash that is sent along the plaintext. Hopefully this answers your question. Cheers, -- Radmilo On Mon, Oct 26, 2009 at 9:46 AM, Radmilo Racic <rracic () gmail com> wrote:
Encryption only provides a confidentiality so even a human would not know if the text has been properly decrypted without an integrity check. In other words, a human or a service can check a hash/MAC/digital signature to ensure that the integrity of the text. Kerberos does indeed offer integrity service (optionally) through a one-way hash that is sent along the plaintext. Hopefully this answers your question. Cheers, -- Radmilo On Sat, Oct 24, 2009 at 2:23 AM, M.D.Mufambisi <mufambisi () gmail com> wrote:Hi people. I have a question on encryption. When say a sentence such as "my name is bruno" is encrypted, to say ciphertext "sakjkg6*672khkhkjhs jhkhaskh" and sent to my friend stan....who then decrypts it....back to "my name is bruno". Stan will be able to tell that he has succesfully decrypted the ciphertext because he is human and the resultant decrypted text makes sense to him right? Now in the instance of kerberos, where there are no humans but computers or services.....how does a service know that it has succesfully decrypted ciphertext? I have seen that PGP can tell that a text is succesfully decrypted. How does it do this? I hope my question is clear. Regards ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Encryption - Kerberos M.D.Mufambisi (Oct 27)
- Message not available
- Re: Encryption - Kerberos Radmilo Racic (Oct 27)
- Re: Encryption - Kerberos Edd Burgess (Oct 27)
- Re: Encryption - Kerberos Radmilo Racic (Oct 27)
- Message not available